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WHAT IS CLAIMED IS : 

1 . A system for detecting and responding to an attack, comprising: 

a first device attached to a network and configured to detect an attack based on received 
traffic, create attack information, and forward the attack information to the network; and 

a second device configured to receive the attack information and detect particular traffic 
based on the attack information. 

2. The system of claim 1, wherein the first device comprises a firewall filter. 

3. The system of claim 1, wherein the first device comprises: 
a filter device configured to perform stateful filtering. 

4. The system of claim 1 , wherein the first device comprises: 

a packet generating element configured to generate a packet that include the attack 
information. 

5. The system of claim 1, wherein the second device comprises a router. 

6. The system of claim 1, wherein the first device uses a distributed routing protocol for 
sending the attack information. 
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7. The system of claim 1 , wherein the first devices uses a link state routing protocol or a 
path vector routing protocol for sending the attack information. 

8. The system of claim 1, wherein the first device uses one of one of a markup language or 
hypertext protocol or a network management protocol to send the attack information. 

9. The system of claim 1, wherein the second device forwards the attack information to 
other devices. 

1 0. The system of claim 1 , wherein the second device configures a filter based on the attack 
information. 

1 1 . The system of claim 1 , wherein the second device uses the attack information for a 
predetermined amount of time. 

12. The system of claim 1 , wherein the second device rate limits the particular traffic. 

1 3 . The system of claim 1 , wherein the second device counts the particular traffic. 
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14. A method of detecting and responding to an attack, comprising: 
detecting an attack at a first device based on incoming traffic; 
generating attack information defining characteristics of the attack; 
sending the attack information to a second device in a network; 
5 detecting traffic at the second device based on the attack information. 



15. The method of claim 14, including: 

configuring the first device to detect traffic based on the detected attack. 



1 6. The method of claim 14, wherein the sending includes: 
sending a packet that includes the attack information. 



17. The method of claim 14, wherein the sending includes: 

sending the attack information using a distributed routing protocol. 

18. The method of claim 14, wherein the sending includes: 
sending the attack information using a link state routing protocol. 



19. The method of claim 14, further including: 

authenticating the attack information at the second device. 
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20. The method of claim 1 4, further including: 

sending the attack information from the second device to another device. 



2 1 . The method of claim 1 4, further including: 
monitoring the attack at the second device. 



22. The method of claim 14, further including: 

detecting traffic based on the attack information for a particular period of time. 

23. The method of claim 14, further including: 

rate limiting traffic that matches attack characteristics denned in the attack information. 

24. The method of claim 14, wherein the sending includes: 

sending the attack infoimation using one of a markup language or hypertext protocol. 



25 . A device for detecting an attack, comprising: 

an attack detection element configured to detect an attack in incoming traffic; 

an attack information generator configured to generate attack information defining 
characteristics of the attack; and 

a transmitting element configured to transmit the attack information to a device on a 

network. 
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26. The device of claim 25, further comprising: 

a filter element configured to filter incoming traffic and forward filter information to the 
attack detection element. 

27. The device of claim 26, wherein the attack information generator is further configured to 
send attack information to the filter element. 

28. The device of claim 25, wherein the transmitting element is further configured to transmit 
the attack information using a distributed routing protocol. 

29. The device of claim 25, wherein the transmitting element is further configured to transmit 
the attack information using a link state routing protocol. 

30. The device of claim 25, wherein transmitting element is further configured to transmit the 
attack information using an authentication mechanism. 

3 1 . The device of claim 25, wherein the transmitting element is further configured to transmit 
the attack information using encryption. 

32. The device of claim 25, wherein the attack is a denial of service attack. 
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33. A method of detecting an attack, comprising: 

monitoring incoming traffic at a first device to detect an attack; 
generating attack information defining characteristics of the attack; and 
transmitting the attack information to a second device via a network. 

34. The method of claim 33, wherein the attack is a denial of service attack. 

35. The method of claim 33, wherein the monitoring includes: 
using information from a filter to detect the attack. 

36. The method of claim 33, wherein the generating includes: 

sending attack information to a filter for configuring the filter based on the attack. 

37. The method of claim 33, further including: 
performing stateful filtering on incoming traffic. 

38. The method of claim 33, wherein the transmitting includes: 
sending the attack information in a packet. 

39. The method of claim 33, wherein the transmitting includes: 
sending the attack information using a distributed routing protocol. 
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40. The method of claim 33, wherein the transmitting includes: 
sending the attack information using a link state routing protocol. 

41 . The method of claim 33, wherein the transmitting includes: 

sending the attack information using a markup language protocol or a hypertext protocol. 

42. The method of claim 33, wherein the transmitting includes: 
sending the attack information in a secure format. 

43. A device for responding to an attack, comprising: 

a receiver configured to receive attack information from a first device that sent the attack 
information; and 

a configuration element configured to configure a second device based on the received 
attack information. 

44. The device of claim 43, further including: 

a transmitting element for transmitting the attack information to another device via a 
network connection. 
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45. The device of claim 43, wherein the configuration element comprises: 
a filter; and 

an attack configuration generator. 

46. The device of claim 43, wherein the configuration element is further configured to 
configure the second device based on filter information. 

47. The device of claim 43, wherein the configuration element is further configured to 
unconfigure the second device after a predetermined period of time after configuring based on 
the attack information. 

48. The device of claim 43, wherein the second device comprises a router. 

49. The device of claim 43, wherein the configuration element is further configured to 
authenticate the received attack information. 

50. The device of claim 43, wherein the configuration element is further configured to detect 
particular traffic based on the attack information. 



-36- 



Attorney Docket No. JNP-0159 



51. The device of claim 43, wherein the configuration element is further configured to 
monitor traffic and send monitoring results to the first device. 

52. A method of responding to an attack, comprising: 

receiving attack information from a first device attached to a network; 
configuring a second device based on the received attack information; and 
detecting and discarding traffic at the second device based on the received attack 
information. 

53. The method of claim 52, wherein the configuring includes: 

generating configuration information based on the attack information and filter 
information. 

54. The method of claim 52, wherein the configuring includes: 
configuring a filter based on the received attack information. 

55 . The method of claim 52, further including: 

sending the attack information to another device via a network connection. 
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56. The method of claim 52, further including: 
monitoring traffic at the second device; and 
sending monitoring results to the first device. 

57. The method of claim 52, further including: 
authenticating the received attack information. 

58. The method of claim 52, further including: 
deencrypting the received attack information. 

59. The method of claim 52, wherein the second device is a router. 

60. The method of claim 52, wherein the first device is a firewall. 

61 . A method for responding to an attack, comprising: 

receiving attack information at a central management system from a first device via a 
network; 

managing a response to the attack at the central management system. 

62. The method of claim 61, wherein the managing includes: 
sending the attack information to other devices via a network. 
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The method of claim 61, wherein the managing includes: 

receiving attack-related information from other devices via a network; and 

communicating to the first device based on the attack-related information. 

The method of claim 61, wherein the managing includes: 
collecting information related to the attack information. 
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